[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About valid and invalid user names

On Sun, 06 Feb 2005 18:06:17 +0200, Petri Latvala
<adrinael@nuclearzone.org> wrote:
>On Sun, 2005-02-06 at 12:15 +0100, Marc Haber wrote:
>> By default, adduser will verify the user against a configurable
>> regexp, default being the most conservative ^[a-z][a-z0-9\-]*$. The
>> --force-badname option will change the regexp to a hardcoded
>> ^[-\._A-Za-z0-9]*\$?$, allowing users to happily hang themselves. This
>> gives the somewhat funny situation that the default can be configured
>> to be less restrictive than --force-badname, but I doubt that it would
>> be sensible to have --force-badname turn off all checks.
>How about adding an additional check to the code path without
>--force-badname that checks that the username is a valid POSIX username.
>That is, make it check against the configurable regexp only when
>--force-badname is not given, and against the hardcoded one in both
>occasions. This would avoid the "funny situation" and not break any
>POSIX-following tools.

Nice idea.


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: